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(57) Abstract 



A wireless authentication system to control an operating state of a node such as a computer, door control mechanism or any 
multi state product based on the proximity of an authorized user to the node. The wireless authentication system comprises a security device 
implemented within the node (110) and a user authentication token ("token") in possession of the authorized user. A Challenge/Response 
protocol (140) is configured between the security device and the token (120). The first successful Challenge/Response message exchange 
between the security device and the token (120) places the node (1 10) in an operational state allowing the authorized user access to the 
contents and/or networked resources of the node (1 10). Later Challenge/Response message exchanges are set to occur periodically to check 
whether the authorized user possessing the token has left the node (110) unattended thereby causing the node (110) to be placed in a 
non-operational state, 
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AN AUTHENTICATION SYSTEM BASED ON 
PERIODIC CHALLENGE/RESPONSE PROTOCOL 

CROSS-REFERENCES TO RELATED APPLICATIONS 

The named inventor of the present application has filed a 
number of co-pending United States Patent Applications entitled 
"Apparatus and Method for Providing Secured Communications" 
(Application No. 08/578,177), "Secured Method for Providing Secured 
Communications" (Application No. 08/538,869), "Method For 
Providing A Roving Software License In A Hardware Agent-Based 
System" (Application No. 08/472,951), "Key Cache Security System" 
(Application No. 08/365,347), and "Apparatus and Method for a Vetted 
Field Upgrade" (Application No. 08/316,211) and issued U.S. Patent 
entitled "Roving Software License For A Hardware Agent" (U.S. 
Patent No. 5,473,692). These applications are owned by the same 
assignee of the present Application. 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention relates to data security. More 
particularly, the present invention relates to a wireless authentication 
system which mitigates the likelihood of unauthorized use of an 
electronic device through periodic challenge /response messages. 

2. Description of Art Related to the Invention 

As personal computers ("PCs") become more prevalent in 
businesses throughout the world, it is becoming increasingly 
'important to provide security to prevent their unauthorized use. 
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Already, there exist a number of authentication systems which 
provide marginally effective security of one's personal computer. For 
example, one well-known type of conventional authentication system 
is a "password-based" system in which a person is allowed access to 
the contents of and resources networked to a personal computer by 
correctly typing in a previously chosen password. However, 
password-based systems are susceptible to (i) software which can be 
used to capture the person's password and to (ii) common "human" 
mistakes such as confiding one's password to another or using the 
same password for a long period of time. Moreover, password-based 
systems do not provide any mechanism for mitigating the risk of 
unauthorized use of one's personal computer in those situations 
where the user fails to turn-off his or her personal computer before 
leaving work or has to leave his or her office for a moment (e.g., 
lunch, attend a meeting, etc.) but leaves his or her personal computer 
running i.e., in an operational state. 

Another example is a password protected screen saver which 
automatically turns off one's computer if it is not used for a 
predetermined period of time. This authentication system is usually 
disruptive to the user because its state is dependent on whether or not 
the user is using the computer, not the proximity of the user to the 
computer. Thus, if the user is on the phone for a while, the computer 
may be mistakenly turned off. requiring the user to log-in again. Thus, 
users commonly set the "time-out" of the screen saver for a long 
duration which defeats its objective to protect the contents of the 
computer when the user has left his or her office without turning off 
the computer. 

Another marginally effective authentication system is a "card- 
based" system in which a "smartcard" card being an integrated circuit 
carried in a credit card form factor, PCMCIA card or magnetic stripped 
card (hereinafter generally referred to as "token cards") is used to gam 
physical and/or electrical access to the personal computer. Normally, 
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token cards may be either inserted into a designated card slot of the 
personal computer, placed in physical contact with a reading device 
coupled to the computer or placed in an area where the personal 
computer resides (e.g., an office, laboratory and the like). These token 
cards are used to verify that the person in possession of the card is in 
fact authorized to use the personal computer. Depending on the type 
of token card, such verification is accomplished by the token card 
responding to a request (i.e., "Challenge message'') for information by 
providing a "token" (i.e. code), normally a random number although 
it may be static, in response to the challenge issued by the personal 
computer. In the case of a more sophisticated token card, this request 
will be in the form of a random "challenge" which the token card 
must first process in order to provide the correct "response". 
Although this type of authentication system arguably provides greater 
security than the password-based system, it still does not solve the 
problem where the user accesses his or her personal computer and 
leaves the personal computer unattended for some duration without 
removing the card or disabling the personal, computer during his or 
her absence. 

Hence, it is desirable to develop a wireless authentication 
system which does not require a physical connection to the personal 
computer, thereby mitigating the chances of mistakenly leaving one's 
token card within or in proximity of one's computer. While there 
now exist some authentication systems in the marketplace such as 
those provided by Security Dynamics, Inc. of Cambridge, 
Massachusetts and Digital Pathways of Mountain View, California, 
their systems do not utilize periodic Challenge/Response protocol to 
ascertain whether the authorized user of the personal computer has 
left his or her personal computer unattended for a predetermined 
period of time. 
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Q1MMARY THF INVENTION 

A wireless authentication system to control an operating state 
of a first node (e.g., computer) based on the proximity of an authorized 
user to the first node. The wireless authentication system comprises a 
security device implemented within the first node and a user 
authentication token in possession of the authorized user (e.g., worn, 
carried etc ). The security device generates a Challenge message and 
transmits the same to the token. In response, the token generates and 
transmits a Response message to the security device if the token is 
within a predetermined distance from the security device. Thereafter, 
the authorized user can access the first node because it is in an 
operational state. 

Subsequently, the security device generates and transmits other 
Challenge messages at selected intervals to check whether the 
authorized user normally wearing the token has left the first node 
- unattended. If the token responds correctly indicating that the token 
is still proximate to the first node, the first node is maintained m its 
operational state. Otherwise, the first node enters into a non- 
operational state disallowing further access thereto. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

The features and advantages of the present invention will 
become apparent from the following detailed description of the 
present invention in which: 

Figure 1 is a perspective view of the wireless authentication 
system comprising a personal computer periodically producing a 
Challenge message to query the proximity of the user and his or her 
token as well as the token producing a Response message in response 
to the Challenge message. 

Figure 2 is a block diagram of the general architecture of the 
personal computer of Figure 1. 

Figure 3 is a block diagram of an illustrative embodiment of the 
security device employed within a node as shown in Figure 2. 

Figure 4 is a block diagram of an illustrative embodiment of the 
token of Figure 1 . 

Figure 5 is a flowchart illustrating the procedural steps 
undertaken by the wireless authentication system in protecting the 
integrity of the contents and networked resources of the node through 
periodic Challenge and Response messages. 

Figures 6A-6C are block diagrams of three illustrative 
embodiments of the Challenge/Response protocol. 

Figure 7 is an illustrative embodiment of the operations for 
configuring the token to provide security against the unauthorized 
access of the node. 
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The present invention relates to a wireless authentication 
system which provides and maintains a node in an operational state 
only when, through periodic bi-directional communication* it 
ascertains whether an individual wearing a user authentication token 
is within a predetermined (approximate) distance from the node. In 
the following description, numerous specific details are set forth but it 
is appreciated to one skilled in the art that these exact details are not 
required to practice the present invention. Likewise, certain well- 
known components, devices and method steps are not set forth in 
detail to avoid unnecessarily obscuring the present invention. 

Herein certain well-known terminology is generally defined 
below. For example, a "message" is generally defined as information 
(e g , data, address, encrypted keys and any other information) being 
transferred in a sequence of one or more cycles. Two common types of 
messages are a "Challenge" message and a "Response" message 
collectively authenticating the user of the node and his or her 
whereabouts. A "key" is an encoding and/or decoding parameter used 
by cryptographic algorithms such as Rivest, Shamir and Adleman 
( 4sl") which use public and private key pairs and Data Encryption 
Algorithm ("DES") which use a secret key shared in confidence 
befween two parties. A "digital certificate" is defined as any digital 
information (e.g., a public key) encrypted of a private key of a widely 
known trusted authority (e.g., bank, governmental entity, trade 
association, equipment manufacturer, company security, system 
administration, etc.) to securely transmit the digital information 
between two electronic devices. 

Referring to Figure 1. an illustrative embodiment of the 
wireless authentication system of the present invention •» 
The wireless authentication system 100 features a secunty dev.ce not 
shown) implemented within a node (e.g., a personal computer) 110 
and a user authentication token ("token") 120 worn by an authorised 
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user 130. The token 120 may be constructed in any form, preferably a 
form that is not too obtrusive to carry or wear. Examples of forms that 
can be used by the tokens include, but are not limited to pagers or 
identification badges. The function may also be implemented in 
another device with an alternative purpose such as a cellular 
telephone. The personal computer 110 periodically attempts to 
establish a communication link 140, represented by dotted lines, with 
the token 120 through infra-red ("IR") transmissions or through any 
other medium that does not require physical connection (e.g., radio 
frequency "RF" signals in which the personal computer 110 may 
require an antenna). The communication link 140 may be established 
and maintained only when the token 120 is within a predetermined 
distance (e.g., within 20 feet) from the personal computer 110. It is 
contemplated that although the wireless authentication system is 
being described with a personal computer, it could be implemented to 
secure any node being an electronic product such as a peripheral to the 
computer (printer, mass storage device, etc.), door locking 
mechanisms (i.e., garage door opener, electronic door locks) and the 
like. 

Upon establishing the communication link 140, information is 
exchanged, normally in an encrypted format in at least one direction, 
between the security device (not shown) and the token 120. Upon the 
security device determining that the token 120 responded correctly, 
the user 130 is granted access to the contents (i.e., data, applications 
and other information stored thereon) of the personal computer 110 
as well as its networked resources. 

It is contemplated that the wireless authentication system 100 
may be utilized with another authentication system (password-based 
system, card-based system, etc) to prevent the personal computer 110 
from being mistakenly accessed in certain situations. One situation is 
where the authorized user 130 wearing the token 120 is walking by the 
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personal computer 110 within the predetermined distance without 
any intention of using the personal computer 110. 

Referring now to Figure 2, an embodiment of the personal 
computer 110 featuring the security device of the authentication 
system is illustrated. The personal computer 110 includes a first bus 
200 enabling information to be communicated between a security 
device 210, a wireless interface 215 and a plurality of subsystems 
including a processor subsystem 220, a memory subsystem 240 and an 
mput/output ("I/O") subsystem 260. The details of the security device 
■>10 are discussed in Figure 3 and the wireless interface 215 is a 
conventional interface which is constructed to transmit and receive 
messages in an "IR" or perhaps "RF" format. 

As further shown in Figure 2, the processor subsystem 220 
includes a host processor 225 illustrated as a single processor but may 
be employed as multiple processors within the personal computer 110. 
It is contemplated that the security device 210 is represented as a co- 
processor but the authentication operations could be performed by the 
host processor 225, provided there is no concern about virus attack or 
removal of the chassis of the personal computer to monitor its bus 
signals. However, since the host processor is an open platform 
architecture, implementation of the security device 210 itself or its 
functionality within the host processor 225 would require isolation of 
the authentication operations from normal operations of the host 
processor 225. 

The memory subsystem 240 includes a memory controller 245 
which is coupled to the first bus 200. The memory controller 245 
controls the access to at least one memory device 250 such as dynamic 
random access memory ("DRAM"), read only memory ("ROM"), 
video random access memory ("VRAM") and the like. The memory 
device 250 stores data, instructions and other information for use by 
the host processor 225. 
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The I/O subsystem 260 includes an I/O controller 265 which is 
coupled to both the first bus 200 and a second bus 270 (e.g., a Peripheral 
Component Interconnect "PCI" bus, Industry Standard Architecture 
"ISA" bus and the like). The I/O controller 265 provides a 
communication path to allow devices connected to the first bus 200 or 
the second bus 270 to exchange information. The second bus 270 
allows information to be transferred from or to at least one peripheral 
device including, but not limited to a display device 275 (e.g., cathode 
ray tube, liquid crystal display, etc.); an alphanumeric input device 276 
(e.g., an alphanumeric keyboard, etc.) for communicating information 
(address, data and control) to the host processor 225; a cursor control 
device 277 (e.g., a mouse, trackball, joystick, touchpad, etc.); a mass data 
storage device 278 (e.g., magnetic tapes, hard disk drive, floppy disk 
drive, etc.); an information transceiver device 279 (fax machine, 
modem, etc.) for transmitting information from the personal 
computer 110 to another remotely located device and for receiving 
information therefrom; and a hard copy device 280 (e.g., plotter, 
printer, etc.) for providing a tangible, visual representation of the 
information. It is contemplated that the personal computer shown in 
Figure 2 may employ some or all of these devices or different devices 
than those illustrated. For example, the security device 210 could be 
coupled to the second bus 270 instead of the first bus 200, a local bus 
(not shown) within the host processor 225 or may be adapted to any 
bus line coupling any of the peripheral devices such as the mass 
storage device 278. 

Alternatively, the security device could be utilized for access 
control purposes outside the computer field such as in the automatic 
field, home and business security field. It is contemplated that the 
security device and token combination could be used to authenticate 
the holder of the token before granting access to a node of 
transportation (car, bus, farm equipment, etc.) garage, and home or 
office or any other node by implementing the security device in that 
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node such as within a door control mechanism (e.g., garage door 
opener, electronic locks, etc.) and the like. 

Referring to Figure 3, one embodiment of the security device 

210 is shown. The security device 210 includes a processing unit 211 
and a memory unit 212. The processing unit 211 may be a co- 
processor, micro-controller or any other device having processing 
capabilities. The memory unit 212 preferably is made of non-volatile 
memory which is able to contain cryptographic algorithms as well as 
cryptographic keys (e.g., public key(s) of various tokens, a public key of 
the widely known trusted authority, a unique public /private key pair, 
a DES key, etc.). In this embodiment, both the processing unit 211 
and the memory unit 212 are implemented in a single integrated 
circuit package 213 to mitigate the risk of tampering although they 
may be separately packaged and hardwired together. The security 
device 210 may include an interface 214 coupling the processor unit 

211 to the first bus. 

Referring now to Figure 4, one embodiment of the token 120 is 
shown. The token 120 comprises a wireless interface 300 to exchange 
messages, namely Challenge and Response messages with the 
personal computer or any node. These messages may follow an IR or 
RF transmission protocol although other types of transmission 
protocols may be used. The wireless interface 300 is coupled to a 
processor 310 and a memory element 320, both of which are preferably 
integrated into one integrated circuit package 325 to reduce 
vulnerability to physical tampering. The memory element 320 has 
non-volatile characteristics (either as true non-volatile memory or as 
RAM with a "permanent" power source such as a battery) and is 
preferably configured to contain its unique public and private key pair 
and perhaps a digital certificate to allow the token 120 to securely 
transmit its public key "PUT" to the security device in the event that 
the security device is not configured at manufacture with various 
public keys of tokens whose users are allowed access to the personal 
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computer or its controlling node. It is an option for the token 120 to 
provide an 6n-board power source 330 (e.g., a battery) to possibly 
supply power to components within the token 120 for operational 
purposes as well as to possibly service the memory element 320 if 
needed. For some protocol implementations, inclusion of a random 
number generator may be desirable (particularly where the token is 
also used to authenticate the personal computer). 

Referring to Figure 5, the operational steps performed by the 
wireless authentication system in periodically exchanging Challenge 
and Response messages between a node (e.g., computer, locking 
mechanism for car doors, home or office door entry, etc.) and the 
token is illustrated. In this embodiment, the node prompts a user for 
a password but continues to deny access to its contents and networked 
resources (Steps 400-405). Upon the user entering his or her password, 
the node determines whether the password is correct (Step 410). If the 
password is incorrect, the node prompts the user to re-enter the 
password. Of course, the node may be configured to allow only one or 
more tries to enter the password before precluding access to the node 
without assistance by security (such as a corporate security officer) or 
imposing a time-delay before one can attempt to try to access the node. 

Alternatively, if the password is correct, the node, namely the 
security device, generates a Challenge message and transmits the 
Challenge message covering a predetermined distal range from the 
node (Step 415). Thereafter, it awaits a Response message from the 
token and its verification before allowing the user access to the 
content stored on the node or its networked resources (Step 420). If no 
Response message is received after a prescribed period of time, access 
is denied (Step 425). Otherwise, upon receiving the Response 
message, the node verifies whether the Response message is correct 
(Step 430). If the Response message is incorrect, the user is denied 
access to the node by any conventional manner such as by displaying a 
screen-obscuring image, refusing further input from the keyboard, 
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mouse, etc., suspending further I/O to and from the node or 
suspending any network connections for a computer representing the 
node. If the Response message is correct, the user is provided access to 
the node and a timing circuit integrated in the node is set to signal 
when the node is to generate another Challenge message and undergo 
another Challenge /Response session (Steps 435-445). This ensures 
that the node will periodically require authentication and implicitly 
the proximity of the user from the node before maintaining it in its 
operational state or placing it in a non-operational state. 

The periodic Challenge/Response message may be performed 
in a number of ways as shown in Figures 6A-6C. These are shown 
purely for clarification; other means of authentication may be used 
without deviating from the spirit of this invention. For example, the 
node, namely the security device 210, may generate a random number 
("RN") 500 and transmit RN 500 in a non-encrypted format as a 
Challenge message to the token 120. Upon receiving the Challenge 
message, the token 120 encrypts RN 500 with its private key "PRT", 
forming a Response message 505 and returns the Response message 
505 back to the security device 210. Thereafter, the security device 210 
decrypts the Response message 505 with a public key of the token 
"PUT" and checks to verify that the random number received 
("RN rec ") 510 is equivalent to RN 500. 

Another example is that the security device 210 may produce a 
Challenge message 525 by generating a random number "RN" 520 and 
encrypting RN 520 with the token's public key "PUT" stored within 
the security device 210. Thereafter, the Challenge message 525 is 
transmitted to the token 120. Upon receiving the Challenge message 
525, the token 120 decrypts the Challenge message 525 with its private 
key "PRT" to retrieve the random number "RN tr mt" 530. Thereafter, 
RNtrmt 530 is transmitted back to the security device 210 and compared 
with RN 520 previously transmitted to determine if they are 
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equivalent. If so, the user is provided access to the data stored within 
the node and if not, the user is prevented such access. 

Another illustrative example is shown in Figure 6C where the 
security device 210 is not designed to store any public keys associated 
with authorized tokens. As a result, a digital certificate is required as 
shown. The security device 210 transmits a random number ('TIN") 
540 to the token 120. The token 120 receives RN 540 and encrypts RN 
540 with the private key of the token "PRT" to produce an encrypted 
random number "RN pr t" 545 as part of a Response message 550. The 
other part of the Response message 550 is a digital certificate 555 
obtained from a well-known Trusted Authority 560 (e.g., system 
administrator, company security, etc.) in which its public key 'TUT A" 
565 is widely disseminated. The digital certificate 555 is the public key 
of the token ("PUT") 575 encrypted with the private key of the Trusted 
Authority "PRTA" 570. Both parts of the Response message 550 are 
transmitted to the security device 210. 

Upon receiving the Response message 550, the security device 
210 decrypts the digital certificate 555 with PUTA 565 to obtain PUT 
575. Next, PUT 575 is used to decrypt RN prt 545. Finally, RN 580 
received from the token is compared to RN 540 transmitted to the 
token 120 and if these numbers are equivalent, the Response message 
550 is correct. 

Alternatively, in lieu of a password-based system being 
implemented within the node, the token may be configured to require 
a password or a personal identification number ("PIN"), Thus, the 
token remains in an inactive state unless its user periodically 
authenticates himself or herself. Of course, the advantage of having 
the password-based system employed within the node is that the node 
is already adapted with I/O devices (e.g., an alphanumeric keyboard) to 
assist a user in authenticating himself or herself. However, as stated 
previously, the node is susceptible to virus attacks which would not be 
an issue if the password-based system is employed within the token. 
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In this embodiment, the token requires periodic password or personal 
identification number ("PIN") authentication by the user so that if the 
token is lost or misplaced, it cannot be used by an unauthorized user 
once the token becomes inactive by failure to timely provide 
authentication information. It is plausible that the token may employ 
a type of biometric measurement device in lieu of a password-based 
system. For example, a thumbprint or fingerprint reader could be 
integrated into the token requiring the authorized user to periodically 
(e.g., sample at predetermined times or every hour, day, etc.) to ensure 
that the token itself cannot be used if it is lost. There are a few 
companies such as Digital Pathways and Security Dynamics that have 
developed tokens that require user authentication to operate. 
However, these tokens do not lend themselves to periodic 
authentication through Challenge and Response messages as 
illustrated above. 

Referring now to Figure 7, the operations of the token 
implemented with a password-based system are illustrated below. 
First, in Step 600, at a periodic interval, the user provides 
authentication information to the token. If the authentication 
information is correct, the token is functional and exists in an active 
state (Steps 605-610). Thereafter, after a preselected period of time has 
elapsed, the token enters into an invalid state which requires the user 
to enter authentication information into the token again (Step 615). 
Otherwise, if the user authentication information is incorrect, the 
token remains nonfunctional (Step 615). 

In the event that the token is in an active state, the token 
receives a query signal from the node once it is carried or worn within 
a predetermined distance from the node (Step 620). In that event, the 
token responds to the query with an identification message indicating 
the identity of the user (Step 625). Next, in Step 630, upon receiving 
the identification message from the token, the node generates and 
transmits a Challenge message directed to that token. Thereafter, the 
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node awaits a Response message within a prescribed time period. If 
the node does not receive a Response message within that time or 
receives an incorrect Response message, access is denied to the node 
(Steps 635-645). However, if the node receives the Response message 
within the prescribed period of time and it is correct, the user is 
granted access to the node (Step 650). 

Thereafter, timing circuitry within the node is set for the node 
to generate another Challenge message after a predetermined time 
period has expired (Step 655). Next, the token is checked to see 
whether it has been in the active state for longer than the selected 
time (Step 660). If so, the token becomes nonfunctional and the user is 
denied access to the node (Step 665). If the token is still active, the 
timing circuitry of the node is checked to see whether the 
predetermined time period has expired (Step 670). If not, the state of 
the token and expiration of the time period set by the timing circuitry 
in the node is checked at a later time. Otherwise, if the timing period 
has expired, the node is prompted to generate another Challenge 
message to the token for periodic authentication that the user is 
proximate to the node. 

While various embodiments of the invention have been 
described, those skilled in the art will realize that other embodiments 
of the invention are easily foreseeable without departing from the 
spirit and scope of the present invention. For example, the token may 
initiate query messages to allow the node to determine when the 
token is in the proximity. Likewise, the periodic challenge/response 
communications may be initiated by the token rather than the node so 
long as the node still authenticates the token. Moreover, well known 
circuitry and operational steps are not set forth in detail in order to 
avoid unnecessarily obscuring the present invention. The invention 
should, therefore, be measured in terms of the following claims. 
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CLAIMS 



What is claimed is: 



1. A method to control an operating state of a node based 
on the proximity of an authorized user in possession of a token to the 
node, the method comprising the steps of: 

(a) transferring a first message from the node to the 

token; 

(b) transferring a second message from the token to the 
node, said second message being in response to the first 
message; 

(c) determining whether the second message correctly 
responds to the first message, and placing the node in a first 
state if the second message correctly responds to the first 

message; and 

(d) periodically performing steps (a) - (c) to ascertain 
whether the token is within a predetermined distance from the 
node, and 

maintaining the node in the first state if the token 

correctly responds; and 

placing the node in a second state if the token fails 

to respond or responds incorrectly. 

2. The method according to claim 1, wherein said first state 
is an operational state and said second state is a non-operational state. 

3. The method according to claim 2, wherein said node is a 
computer. 

4. The method according to claim 2, wherein said node is a 
door control mechanism. 
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5. The method according to claim 1, wherein said first 
message includes a random number and said second message correctly 
responds to said first message by returning said random number. 

6. The method according to claim 5, wherein said first 
message includes said random number in a non-encrypted format and 
said second message includes said random number encrypted with a 
private key associated with the token. 

7. The method according to claim 5, wherein said first 
message includes said random number encrypted with a public key 
associated with the token and said second message includes said 
random number in a non-encrypted format. 

8. The method according to claim 5, wherein said first 
message includes said random number and said second message 
includes said random number encrypted with a private key associated 
with the token and a digital certificate containing a public key 
associated with the token encrypted with a private key of a trusted 
authority. 

9. The method according to claim 1, wherein said 
periodicity of said first and second message exchanges is 
programmable. 

10. The method according to claim 1, wherein prior to step 
(a), the method comprises the steps of: 

transferring a query message from the node to the token; 

and 

transferring a response to the node by the token when 
the token is within said predetermined distance from the node. 
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11. The method according to claim 1, wherein prior to step 
(a), the method further comprises the steps of 

transferring a query message from the token to the node; 

and 

transferring a response message from the node to the 
token indicating that the node acknowledges that the token is 
within the predetermined distance. 

12. A method to control an operating state of a node based 
on the proximity of an authorized user in possession of a token to the 
node, the method comprising the steps of: 

(a) authenticating the token by exchanging messages 
between the token and the node; 

(b) authenticating the node by exchanging at least a first 
and second messages between the token and the node and 
placing the node in a first state if said second message correctly 
responds to said first message; and 

(c) periodically performing step (b) to ascertain whether 
the token is within a predetermined distance from the node, 
and 

maintaining the node in the first state if the token 

correctly responds, and 

placing the node in a second state if the token fails 

to respond or responds incorrectly. 

13. The method according to claim 12, wherein prior to step 
(a), the method comprises the steps of: 

transferring a query message from the node to the token; 

and 

transferring a response to the node by the token when 
the token is within said predetermined distance from the node. 
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14. The method according to claim 12, wherein prior to step 
(c), the method further comprises the steps of 

transferring query message from the token to the node; 

and 

transferring a response message from the node to the 
token indicating that the node acknowledges that the token is 
within the predetermined distance. 

15. A wireless authentication system to control an operating 
state of a first node having at least a first data bus to support 
communications internally within the first node based on the 
proximity of an authorized user possessing a token to the first node, 
the wireless authentication system comprising: 

a security device implemented within the first node 
having a wireless transceiver, said security device generating a 
plurality of messages to be transmitted to the token through 
said wireless transceiver, wherein each of said plurality of 
messages is separately transmitted after a prescribed time 
interval has elapsed; and 

the token that establishes a wireless communication link 
with said security device, wherein said security device and said 
token operate to place the first node in an operational state 
using said plurality of messages. 

16. The wireless authentication system of claim 15, wherein 
each of said plurality of messages generated by said security device is 
separately transmitted after a prescribed time interval has elapsed. 

17. The wireless authentication system according to claim 16, 
wherein the token (i) initially receives a first message of said plurality 
of messages, (ii) generates a message in response to said first message 
for transmission to said security device to place the first node in said 
operational state and (iii) generates a message in response to each of 
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said plurality of messages subsequent to said first message as long as 
ihe token remains within a predetermined distance from said security 



device. 



18. The wireless authentication system according to claim 15, 

wherein said security device includes 

a processing unit coupled to said first data bus, said 
processing unit generates each of said plurality of messages; 

a memcfy-unit coupled to said first data bus, said 
memory unit contains cryptographic information; and 

an interface coupled to said first data bus, said interface 
receives each of said plurality of messages generated by said 
processing unit and transmits said plurality of messages to said 
token. 

19 The wireless authentication system according to claim 18, 
wherein said security device further includes a random number 
generator coupled to said processing unit. 

20. The wireless authentication system according to claim 18, 
wherein said token includes 

a second data bus; 

a wireless interface coupled to said second data bus, said 
second wireless interface is further coupled to said first wireless 
interface of said security device through a communication link 
to receive said plurality of messages and to transmit a 
corresponding plurality of messages in response to said 

plurality of messages; 

a memory element coupled to said second data bus, said 
memory element contains cryptographic information; and 

a processor coupled to said second data bus, said processor 
generates said corresponding plurality of messages in response 
to said plurality of messages. 
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21. The wireless authentication system according to claim 20, 
wherein said token further includes a power source to provide power 
to at least said memory element and said processor. 

22. The wireless authentication system according to claim 17, 
wherein said first message includes a random number and said second 
message correctly responds to said first message by returning said 
random number. 

23. The wireless authentication system according to claim 17, 
wherein said first message includes said random number in a non- 
encrypted format and said second message includes said random 
number encrypted with a private key associated with the token. 

24. The wireiless authentication system according to claim 17, 
wherein said first message includes said random number encrypted 
with a public key associated with the token and said second message 
includes said random number in a non-encrypted format. 

25. The wireless authentication system according to claim 17, 
wherein said first message includes said random number and said 
second message includes said random number encrypted with a 
private key associated with the token and a digital certificate 
containing a public key associated with the token encrypted with a 
private key of a trusted authority. 

26. The wireless authentication system according to claim 15, 
wherein the node is one of a computer and a door control 
mechanism. 

27. A wireless authentication system to control an operating 
state of a first node based on the proximity of an authorized user to the 
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first node having a wireless transceiver means, the wireless 

authentication system comprising: 

security means for generating a plurality of messages for 
transmission via the wireless transceiver means to a token 
means possessed by the authorized user, each of said plurality of 
messages is separately transmitted after a prescribed time 
interval has elapsed, said security means is implemented 
within the first node; and 

said token means for initially receiving a first message of 
said plurality of messages, for generating a message in response 
to said first message for transmission to said security means to 
place the first node in an operational state and for generating a 
message in response to each of said plurality of messages 
subsequent to said first message as long as said token means 
remains within a predetermined distance from said security 
means. 



28. The wireless authentication system according to claim 27, 
wherein said security means includes 

first bus means for providing a data path within the first 

node; 

first processor means for generating each of said plurality 
of messages, said first processor means being coupled to said 

first bus means; 

first memory means for containing cryptographic 
information, said first memory means being coupled to said 
first bus means; and 

first interface means for receiving each of said plurality o 
messages generated by said first processor means and for 
transmitting said plurality of messages to said token means, 
said first interface means is coupled to said first bus means and 
to a second interface means of said token through a wireless 
communication link therebetween. 
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29. The wireless authentication system according to claim 28, 
wherein said token means includes 

second bus means for providing a data path within said 
token means; 

said second interface means for receiving said plurality of 
messages and for transmitting a corresponding plurality of 
messages in response to said plurality of messages, said second 
interface means being coupled to said second bus means and to 
said first interface means of said security means through the 
communication link; 

second memory means for storing cryptographic 
information, said second memory means being coupled to said 
second bus means; and 

second processor means for generating said 
corresponding plurality of messages in response to said 
plurality of messages, said second processor means being 
coupled to said second bus means. 

30. The wireless authentication system according to claim 29, 
wherein said token means further includes power means for 
providing power to at least said second memory means and said 
second processor means. 

31. The wireless authentication system according to claim 27, 
wherein said first message includes a random number and said second 
message correctly responds to said first message by returning said 
random number. 

32. The wireless authentication system according to claim 27, 
wherein said first message includes said random number in a non- 
encrypted format and said second message includes said random 
number encrypted with a private key associated with the token means. 
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33. The wireless authentication system according to claim 27, 
wherein said first message includes said random number encrypted 
with a public key associated with the token means and said second 
message includes said random number in a non-encrypted format. 

34. The wireless authentication system according to claim 27, 
wherein said first message includes said random number and said 
second message includes said random number encrypted with a 
private key associated with the token means and a digital certificate 
containing a public key associated with the token means encrypted 
with a private key of a trusted authority. 
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